Apache · Apache ShenYu · CVE-2022-37435
**Name of the Vulnerable Software and Affected Versions**
Apache ShenYu versions 2.4.2 through 2.4.3
**Description**
The issue is related to insecure permissions in Apache ShenYu Admin, which may allow low-privilege administrators to modify the passwords of high-privilege administrators.
**Recommendations**
For versions 2.4.2 and 2.4.3, update to version 2.5.0 to resolve the issue.
As a temporary workaround, consider restricting access to the administrator password modification functionality until a patch is applied.